Max

@0xw2w

Impassioned about finding vulnerabilities everywhere. H1: . Linkedin: /in/w2w/. SWEBD3

Ukraine
Joined: May 2014.

Tweets


  1. Pinned tweet
    17 Jul 2019

    Wrote a new article «Cookie-based XSS exploitation | $2300 Bug Bounty story». The article contains exploitation methods that I have ever used, which will help you to understand how to use this XSS to prove and increase vulnerability impact. Happy reading:)

  2. 29 Jan

    In December, I submitted 21 vulnerabilities to 12 programs on .

  3. 29 Jan

    Yay, I was awarded a $1500 bounty for Information Disclosure and $850 bounty for Race Condition on two accounts using on !

  4. 22 Jan

    Sweet bonuses on Digitalocean in January 😋

  5. 10 Jan

    Yay, I was awarded a $600 bounty for Improper Access Control that led to free use of monetary subscription on !

  6. 10 Jan

    Yay, I was awarded a $1,250 bounty for Cookie-based XSS, the impact of which was proven via another DOM-based XSS on !

  7. 9 Jan
  8. 9 Jan

    I've just published my research on the Two Factor Authentication security subject . I had fun and enjoyed writing this one, hope you'll enjoy reading! Have a good read! 🙂

  9. 1 Jan
  10. 1 Jan

    I don't care if this is New Year, Christmas or Halloween. If a sweet, fresh invite comes from , — I'm in! 😄

  11. 1 Jan

    Happy New Year everyone! 🌲Have a great 2020! 🚀

  12. 14 Dec 2019

    When you have proven your point about a bug on 🙂

  13. 14 Dec 2019

    Sometimes I can write with some grammatical errors only in order to fit 280 symbols 😢

  14. 14 Dec 2019

    To be more clear:
    \.textdomain.com - 500 error
    ^.textdomain.com - 500 error
    In my case, only worked, but all others weren't accepted. I've added it to my O R fuzzing list and recommend you to do so, too!

  15. 14 Dec 2019

    my.anotherdomain\@anotherdomain.com - 500 error
    my.anotherdomain^@anotherdomain.com - 302, accepted
    If you see that there are errors & your redirect does not occur, but there are hints that this could work in particular cases, don't give up and continue fuzzing!

  16. 14 Dec 2019

    Yay, I was awarded a $750 bounty for Open Redirect that leads to ATO via SAML SSO data capture through POST request on a third-party domain on !

  17. 14 Dec 2019

    List all IPs in a subnet in a pure view:
    nmap -sL -n 192.168.0.1/32 192.168.1.0/30 | grep 'Nmap scan report for' | cut -f 5 -d ' '

  18. 14 Dec 2019

    a bug on the macOS app, - there is no possibility to exit from Grep - Extract window by clicking on the red button(no reaction on the click), a user needs to click Cancel every time.

  19. 14 Dec 2019

    Hey , how can I Grep - Extract from the response of another request, not current? For example, I want to update the CSRF header value on /login endpoint by parsing CSRF token value from /csrf endpoint, all in an intruder.

  20. 11 Dec 2019

    The toughest protection I've seen today - after 1 incorrect attempt of 2FA code entering, account blocking occurs and you need to unblock your account using an email with the support team.

  21. 11 Dec 2019
